Skip to content

fix: Logger settings for feature servers and updated logger for permission flow #4531

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tokoko merged 3 commits into from
Sep 19, 2024
Merged

fix: Logger settings for feature servers and updated logger for permission flow #4531

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
71267e5
Logger setting for feature servers
redhatHameed Sep 17, 2024
1b5a8fc
added/updated logger for permission flow
redhatHameed Sep 18, 2024
286a6d7
set defualt logger level for feature servers as WARNING
redhatHameed Sep 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions infra/charts/feast-feature-server/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,20 +42,28 @@ spec:
command:
{{- if eq .Values.feast_mode "offline" }}
- "feast"
- "--log-level"
- "{{ .Values.logLevel }}"
- "serve_offline"
- "-h"
- "0.0.0.0"
{{- else if eq .Values.feast_mode "ui" }}
- "feast"
- "--log-level"
- "{{ .Values.logLevel }}"
- "ui"
- "-h"
- "0.0.0.0"
{{- else if eq .Values.feast_mode "registry" }}
- "feast"
- "--log-level"
- "{{ .Values.logLevel }}"
- "serve_registry"
{{- else }}
{{- if .Values.metrics.enlabled }}
- "feast"
- "--log-level"
- "{{ .Values.logLevel }}"
- "serve"
- "--metrics"
- "-h"
Expand Down
2 changes: 2 additions & 0 deletions infra/charts/feast-feature-server/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ image:
# image.tag -- The Docker image tag (can be overwritten if custom feature server deps are needed for on demand transforms)
tag: 0.40.0

logLevel: "WARNING" # Set log level DEBUG, INFO, WARNING, ERROR, and CRITICAL (case-insensitive)

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
Expand Down
6 changes: 4 additions & 2 deletions sdk/python/feast/permissions/auth/kubernetes_token_parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,14 +40,16 @@ async def user_details_from_access_token(self, access_token: str) -> User:
"""
sa_namespace, sa_name = _decode_token(access_token)
current_user = f"{sa_namespace}:{sa_name}"
logging.info(f"Received request from {sa_name} in {sa_namespace}")
logger.info(
f"Request received from ServiceAccount: {sa_name} in namespace: {sa_namespace}"
)

intra_communication_base64 = os.getenv("INTRA_COMMUNICATION_BASE64")
if sa_name is not None and sa_name == intra_communication_base64:
return User(username=sa_name, roles=[])
else:
roles = self.get_roles(sa_namespace, sa_name)
logging.info(f"SA roles are: {roles}")
logger.info(f"Roles for ServiceAccount {sa_name}: {roles}")

return User(username=current_user, roles=roles)

Expand Down
4 changes: 2 additions & 2 deletions sdk/python/feast/permissions/auth/oidc_token_parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
from feast.permissions.user import User

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)


class OidcTokenParser(TokenParser):
Expand Down Expand Up @@ -69,8 +68,9 @@ async def user_details_from_access_token(self, access_token: str) -> User:

try:
await self._validate_token(access_token)
logger.info("Validated token")
logger.debug("Token successfully validated.")
except Exception as e:
logger.error(f"Token validation failed: {e}")
raise AuthenticationError(f"Invalid token: {e}")

optional_custom_headers = {"User-agent": "custom-user-agent"}
Expand Down
1 change: 1 addition & 0 deletions sdk/python/feast/permissions/client/intra_comm_authentication_client_manager.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ class IntraCommAuthClientManager(AuthenticationClientManager):
def __init__(self, auth_config: AuthConfig, intra_communication_base64: str):
self.auth_config = auth_config
self.intra_communication_base64 = intra_communication_base64
logger.debug(f"AuthConfig type set to {self.auth_config.type}")

def get_token(self):
if self.auth_config.type == AuthType.OIDC.value:
Expand Down
4 changes: 4 additions & 0 deletions sdk/python/feast/permissions/enforcer.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,12 @@ def enforce_policy(
if evaluator.is_decided():
grant, explanations = evaluator.grant()
if not grant and not filter_only:
logger.error(f"Permission denied: {','.join(explanations)}")
raise FeastPermissionError(",".join(explanations))
if grant:
logger.debug(
f"Permission granted for {type(resource).__name__}:{resource.name}"
)
_permitted_resources.append(resource)
break
else:
Expand Down
9 changes: 5 additions & 4 deletions sdk/python/feast/permissions/server/arrow.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
from feast.permissions.user import User

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)


class AuthorizationMiddlewareFactory(fl.ServerMiddlewareFactory):
Expand Down Expand Up @@ -49,7 +48,9 @@ def __init__(self, access_token: str, *args, **kwargs):

def call_completed(self, exception):
if exception:
print(f"{AuthorizationMiddleware.__name__} received {exception}")
logger.exception(
f"{AuthorizationMiddleware.__name__} encountered an exception: {exception}"
Copy link
Contributor

@lokeshrangineni lokeshrangineni Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The better way to log exception is logging.exception I m not sure what it logs if we do the {exception}.

Copy link
Contributor Author

@redhatHameed redhatHameed Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

set as logging.exception. These will arrow flight sever related internal exceptions.

)

async def extract_user(self) -> User:
"""
Expand All @@ -69,14 +70,14 @@ def inject_user_details(context: ServerCallContext):
context: The endpoint context.
"""
if context.get_middleware("auth") is None:
logger.info("No `auth` middleware.")
logger.warning("No `auth` middleware.")
return

sm = get_security_manager()
if sm is not None:
auth_middleware = cast(AuthorizationMiddleware, context.get_middleware("auth"))
current_user = asyncio.run(auth_middleware.extract_user())
print(f"extracted user: {current_user}")
logger.debug(f"User extracted: {current_user}")

sm.set_current_user(current_user)

Expand Down
7 changes: 4 additions & 3 deletions sdk/python/feast/permissions/server/grpc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
from feast.permissions.security_manager import get_security_manager

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)


class AuthInterceptor(grpc.ServerInterceptor):
Expand All @@ -22,11 +21,13 @@ def intercept_service(self, continuation, handler_call_details):
metadata=dict(handler_call_details.invocation_metadata)
)

print(f"Fetching user for token: {len(access_token)}")
logger.debug(
f"Fetching user details for token of length: {len(access_token)}"
Copy link
Contributor

@lokeshrangineni lokeshrangineni Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

my 2 cents - may be debug log here is more appropriate.

Copy link
Contributor Author

@redhatHameed redhatHameed Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

set as debug

)
current_user = asyncio.run(
auth_manager.token_parser.user_details_from_access_token(access_token)
)
print(f"User is: {current_user}")
logger.debug(f"User is: {current_user}")
sm.set_current_user(current_user)

return continuation(handler_call_details)
1 change: 0 additions & 1 deletion sdk/python/feast/permissions/server/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@
from feast.permissions.server.rest_token_extractor import RestTokenExtractor

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)


class ServerType(enum.Enum):
Expand Down